cse p503
play

CSE P503: Evolution Principles of There is in the worst of fortune - PowerPoint PPT Presentation

Nov 04, 2022 •254 likes •1.45k views

CSE P503: Evolution Principles of There is in the worst of fortune the best of Software chances for a happy change. --Euripides Engineering He who cannot dance will say, The drum is bad --Ashanti proverb David Notkin The ruling power

  1. Recap: example • What information did you need? • What information was available? • What tools produced the information? – Did you think about other pertinent tools? • How accurate was the information? – Any false information? Any missing true information? • How did you view and use the information? • Can you imagine other useful tools? 11/6/2007 26

  2. Source models • Reasoning about a maintenance task is often done in terms of a model of the source code – Smaller than the source, more focused than the source • Such a source model captures one or more relations found in the system’s artifacts Document Document (a,b) Document (c,d) Document (c,f) Extraction Tool Document (a,c) ... Document (d,f) (g,h) 11/6/2007 27

  3. Example source models • A calls graph – Which functions call which other functions? • An inheritance hierarchy – Which classes inherit from which other classes? • A global variable cross-reference – Which functions reference which globals? • A lexical-match model – Which source lines contain a given string? • A def-use model – Which variable definitions are used at which use sites? 11/6/2007 28

  4. Combining source models • Source models may be produced by combining other source models using simple relational operations; for example, – Extract a source model indicating which functions reference which global variables – Extract a source model indicating which functions appear in which modules – Join these two source models to produce a source model of modules referencing globals 11/6/2007 29

  5. Extracting source models • Source models are extracted using tools • Any source model can be extracted in multiple ways – That is, more than one tool can produce a given kind of source model • The tools are sometimes off-the-shelf, sometimes hand-crafted, sometimes customized 11/6/2007 30

  6. Program databases • There are many projects in which a program database is built, representing source models of a program • They vary in many significant ways – The data model used (relational, object-oriented) – The granularity of information • Per procedure, per statement, etc. – Support for creating new source models • Operations on the database, entirely new ones – Programming languages supported 11/6/2007 31

  7. Three old examples • CIA/CIA++, ATT Research (Chen et al.) – Relational, C/C++ – http://www.research.att.com/sw/tools/reuse/ – CIAO, a web-based front-end for program database access • Desert, Brown University (Reiss) – Uses Fragment integration • Preserves original files, with references into them – http://www.cs.brown.edu/software/desert/ – Uses FrameMaker as the editing/viewing engine • Rigi (support for reverse engineering) – http://www.rigi.csc.uvic.ca/rigi/rigiframe1.shtml 11/6/2007 32

  8. What tools do you use now? • What do they provide? • What don’t they provide? 11/6/2007 33

  9. Information characteristics no false positives false positives negatives no false ideal conservative negatives false optimistic approximate 11/6/2007 34

  10. Ideal source models • It would be best if every source model extracted was perfect: all entries are true and no true entries are omitted • For some source models, this is possible – Inheritance, defined functions, #include structure, • For some source models, achieving the ideal may be difficult in practice – Ex: computational time is prohibitive in practice • For many other interesting source models, this is not possible – Ideal call graphs, for example, are uncomputable 11/6/2007 35

  11. Conservative source models • These include all true information and maybe some false information, too • Frequently used in compiler optimization, parallelization, in programming language type inference, etc. – Ex: never misidentify a call that can be made or else a compiler may translate improperly – Ex: never misidentify an expression in a statically typed programming language 11/6/2007 36

  12. Optimistic source models • These include only truth but may omit some true information • Often come from dynamic extraction • Ex: In white-box code coverage in testing – Indicating which statements have been executed by the selected test cases – Others statements may be executable with other test cases 11/6/2007 37

  13. Approximate source models • May include some false information and may omit some true information • These source models can be useful for maintenance tasks – Especially useful when a human engineer is using the source model, since humans deal well with approximation – It’s ―just like the web!‖ • Turns out many tools produce approximate source models (more on this later) 11/6/2007 38

  14. Static vs. dynamic • Source model extractors can work – statically, directly on the system’s artifacts, or – dynamically, on the execution of the system, or – a combination of both • Ex: – A call graph can be extracted statically by analyzing the system’s source code or can be extracted dynamically by profiling the system’s execution 11/6/2007 39

  15. Must iterate • Usually, the engineer must iterate to get a source model that is ―good enough‖ for the assigned task • Often done by inspecting extracted source models and refining extraction tools • May add and combine source models, too 11/6/2007 40

  16. Another maintenance task • Given a software system, rename a given variable throughout the system – Ex: angle should become diffraction – Probably in preparation for a larger task • Semantics must be preserved • This is a task that is done infrequently – Without it, the software structure degrades more and more 11/6/2007 41

  17. What source model? • Our preferred source model for the task would be a list of lines (probably organized by file) that reference the variable angle • A static extraction tool makes the most sense – Dynamic references aren’t especially pertinent for this task 11/6/2007 42

  18. Start by searching • Let’s start with grep, the most likely tool for extracting the desired source model • The most obvious thing to do is to search for the old identifier in all of the system’s files – grep angle * 11/6/2007 43

  19. What files to search? • It’s hard to determine which files to search – Multiple and recursive directory structures – Many types of files • Object code? Documentation? (ASCII vs. non- ASCII?) Files generated by other programs (such as yacc)? Makefiles? – Conditional compilation? Other problems? • Care must be taken to avoid false negatives arising from files that are missing 11/6/2007 44

  20. False positives • grep angle [system’s files] • There are likely to be a number of spurious matches – …triangle…, …quadrangle… – /* I could strangle this programmer! */ – /* Supports the small planetary rovers presented by Angle & Brooks (IROS „90) */ – printf(“Now play the Star Spangled Banner”); • Be careful about using agrep ! 11/6/2007 45

  21. More false negatives • Some languages allow identifiers to be split across line boundaries – Cobol, Fortran, PL/I, etc. – This leads to potential false negatives • Preprocessing can hurt, too – #define deflection angle ... deflection = sin(theta); 11/6/2007 46

  22. It’s not just syntax • It is also important to check, before applying the change, that the new variable name (degree) is not in conflict anywhere in the program – The problems in searching apply here, too – Nested scopes introduce additional complications 11/6/2007 47

  23. Tools vs. task • In this case, grep is a lexical tool but the renaming task is a semantic one – Mismatch with syntactic tools, too • Mismatches are common and not at all unreasonable – But it does introduce added obligations on the maintenance engineer – Must be especially careful in extracting and then using the approximate source model 11/6/2007 48

  24. Finding vs. updating • Even after you have extracted a source model that identifies all of (or most of) the lines that need to be changed, you have to change them • Global replacement of strings is at best dangerous • Manually walking through each site is time- consuming, tedious, and error-prone 11/6/2007 49

  25. Downstream consequences • After extracting a good source model by iterating, the engineer can apply the renaming to the identified lines of code • However, since the source model is approximate, regression testing (and/or other testing regimens) should be applied 11/6/2007 50

  26. An alternative approach • Griswold developed a meaning-preserving program restructuring tool that can help • For a limited set of transformations, the engineer applies a local change and the tool applies global compensating changes that maintain the program’s meaning – Or else the change is not applied – Reduces errors and tedium when successful 11/6/2007 51

  27. But • The tool requires significant infrastructure – Abstract syntax trees, control flow graphs, program dependence graphs, etc. • The technology OK for small programs – Downstream testing isn’t needed – No searching is needed • But it does not scale directly in terms of either computation size or space 11/6/2007 52

  28. Recap • ―There is more than one way to skin a cat‖ – Even when it’s a tiger • The engineer must decide on a source model needed to support a selected approach • The engineer must be aware of the kind of source model extracted by the tools at hand • The engineer must iterate the source model as needed for the given task • Even if this is not conscious nor explicit 11/6/2007 53

  29. Build up idioms • Handling each task independently is hard • You can build up some more common idiomatic approaches – Some tasks, perhaps renaming, are often part of larger tasks and may apply frequently – Also internalize source models, tools, etc. and what they are (and are not) good at • But don’t constrain yourself to only what your usual tools are good for 11/6/2007 54

  30. Source model accuracy • This is important for programmers to understand • Little focus is given to the issue 11/6/2007 55

  31. Call graph extraction tools (C) • Two basic categories: lexical or syntactic – lexical • e.g., awk, mkfunctmap, lexical source model extraction (LSME) • likely produce an approximate source model • extract calls across configurations • can extract even if we can’t compile • typically fast 11/6/2007 56

  32. A CGE experiment • To investigate several call graph extractors for C, we ran a simple experiment – For several applications, extract call graphs using several extractors – Applications: mapmaker, mosaic, gcc – Extractors: CIA, rigiparse, Field, cflow, mkfunctmap 11/6/2007 57

  33. Experimental results • Quantitative – pairwise comparisons between the extracted call graphs • Qualitative – sampling of discrepancies • Analysis – what can we learn about call graph extractors (especially, the design space)? 11/6/2007 58

  34. Pairwise comparison (example) • CIA vs. Field for Mosaic (4258 calls reported) – CIA found about 89% of the calls that Field found – Field did not find about 5% of the references CIA found – CIA did not find about 12% of the calls Field found 11/6/2007 59

  35. Quantitative Results • No two tools extracted the same calls for any of the three programs • In several cases, tools extracted large sets of non- overlapping calls • For each program, the extractor that found the most calls varied (but remember, more isn’t necessarily better) • Can’t determine the relationship to the ideal 11/6/2007 60

  36. Qualitative results • Sampled elements to identify false positives and false negatives • Mapped the tuples back to the source code and performed manual analysis by inspection • Every extractor produced some false positives and some false negatives 11/6/2007 61

  37. Call graph characterization no false positives false positives negatives no false ideal conservative none compilers negatives approximate false optimistic software profilers engineering tools 11/6/2007 62

  38. In other words, caveat emptor 11/6/2007 63

  39. Taxonomy: reverse/reengineering Chikofsky and Cross • Design recovery is a subset of reverse engineering • The objective of design recovery is to discover designs latent in the software – These may not be the original designs, even if there were any explicit ones – They are generally recovered independent of the task faced by the developer • It’s a way harder problem than design itself 11/6/2007 64

  40. Restructuring • One taxonomy activity is restructuring • Why don’t people restructure as much as we’d like…? – Doesn’t make money now – Introduces new bugs – Decreases understanding – Political pressures – Who wants to do it? – Hard to predict lifetime costs & benefits 11/6/2007 65

  41. Griswold’s 1st approach • Griswold developed an approach to meaning- preserving restructuring • Make a local change – The tool finds global, compensating changes that ensure that the meaning of the program is preserved • What does it mean for two programs to have the same meaning? – If it cannot find these, it aborts the local change 11/6/2007 66

  42. Simple example • • It’s not a local change nor a Swap order of formal parameters syntactic change • It requires semantic knowledge about the programming language • Griswold uses a variant of the sequence-congruence theorem [Yang] for equivalence – Based on PDGs (program dependence graphs) • It’s an O(1) tool 11/6/2007 67

  43. Limited power • The actual tool and approach has limited power • Can help translate one of Parnas’ KWIC decompositions to the other • Too limited to be useful in practice – PDGs are limiting • Big and expensive to manipulate • Difficult to handle in the face of multiple files, etc. • May encourage systematic restructuring in some cases 11/6/2007 68

  44. Star diagrams [Griswold et al.] • Meaning- preserving restructuring isn’t going to work on a large scale • But sometimes significant restructuring is still desirable • Instead provide a tool (star diagrams) to – record restructuring plans – hide unnecessary details • Some modest studies on programs of 20-70KLOC 11/6/2007 69

  45. A star diagram 11/6/2007 70

  46. Interpreting a star diagram • The root (far left) represents all the instances of the variable to be encapsulated • The children of a node represent the operations and declarations directly referencing that variable • Stacked nodes indicate that two or more pieces of code correspond to (perhaps) the same computation • The children in the last level (parallelograms) represent the functions that contain these computations 11/6/2007 71

  47. After some changes 11/6/2007 72

  48. Evaluation • Compared small teams of programmers on small programs – Used a variety of techniques, including videotape – Compared to vi/grep/etc. • Nothing conclusive, but some interesting observations including – The teams with standard tools adopted more complicated strategies for handling completeness and consistency 11/6/2007 73

  49. My view • Star diagrams may not be ―the‖ answer • But I like the idea that they encourage people – To think clearly about a maintenance task, reducing the chances of an ad hoc approach – They help track mundane aspects of the task, freeing the programmer to work on more complex issues – To focus on the source code • Murphy/Kersten and Mylyn and tasktop.com are of the same flavor…. 11/6/2007 74

  50. A view of maintenance Assigned Document Task Document Document Document Document Document Document Document Document Document Document Document When assigned a task to modify When assigned a task to modify an existing software system, an existing software system, how how does a software engineer does a software engineer choose choose to proceed? to proceed? 11/6/2007 75

  51. A task: isolating a subsystem • Many maintenance tasks require identifying and isolating functionality within the source – sometimes to extract the subsystem – sometimes to replace the subsystem 11/6/2007 76

  52. Mosaic • The task is to isolate and replace the TCP/IP subsystem that interacts with the network with a new corporate standard interface • First step in task is to estimate the cost (difficulty) 11/6/2007 77

  53. Mosaic source code • After some configuration and perusal, determine the source of interest is divided among 4 directories with 157 C header and source files • Over 33,000 lines of non-commented, non-blank source lines 11/6/2007 78

  54. Some initial analysis • The names of the directories suggest the software is broken into: – code to interface with the X window system – code to interpret HTML – two other subsystems to deal with the world-wide-web and the application (although the meanings of these is not clear) 11/6/2007 79

  55. How to proceed? • What source model would be useful? – calls between functions (particularly calls to Unix TCP/IP library) • How do we get this source model? – statically with a tool that analyzes the source or dynamically using a profiling tool – these differ in information characterization produced • False positives, false negatives, etc. 11/6/2007 80

  56. More... • What we have – approximate call and global variable reference information • What we want – increase confidence in source model • Action: – collect dynamic call information to augment source model 11/6/2007 81

  57. Augment with dynamic calls • Compile Mosaic with profiling support • Run with a variety of test paths and collect profile information • Extract call graph source model from profiler output – 1872 calls – 25% overlap with CIA – 49% of calls reported by gprof not reported by CIA 11/6/2007 82

  58. Are we done? • We are still left with a fundamental problem: how to deal with one or more ―large‖ source models? – Mosaic source model: static function references (CIA) 3966 static function-global var refs (CIA) 541 dynamic function calls (gprof) 1872 Total 6379 11/6/2007 83

  59. One approach • Use a query tool against the source model(s) – maybe grep? – maybe source model specific tool? • As necessary, consult source code –―It’s the source, Luke.‖ – Mark Weiser. Source Code. IEEE Computer 20 ,11 (November 1987) 11/6/2007 84

  60. Other approaches • Visualization • Reverse engineering • Summarization 11/6/2007 85

  61. Visualization • e.g., Field, Plum, Imagix 4D, McCabe, etc. (Field’s flowview is used above and on the next few slides...) • Note: several of these are commercial products 11/6/2007 86

  62. Visualization... 11/6/2007 87

  63. Visualization... 11/6/2007 88

  64. Visualization... • Provides a ―direct‖ view of the source model • View often contains too much information – Use elision (…) – With elision you describe what you are not interested in, as opposed to what you are interested in 11/6/2007 89

  65. Reverse engineering • e.g., Rigi, various clustering algorithms (Rigi is used above) 11/6/2007 90

  66. Reverse engineering... 11/6/2007 91

  67. Clustering • The basic idea is to take one or more source models of the code and find appropriate clusters that might indicate ―good‖ modules • Coupling and cohesion, of various definitions, are at the heart of most clustering approaches • Many different algorithms 11/6/2007 92

  68. Rigi’s approach • Extract source models (they call them resource relations) • Build edge-weighted resource flow graphs – Discrete sets on the edges, representing the resources that flow from source to sink • Compose these to represent subsystems – Looking for strong cohesion, weak coupling • The papers define interconnection strength and similarity measures (with tunable thresholds) 11/6/2007 93

  69. Math. concept analysis • Define relationships between (for instance) functions and global variables [Snelting et al.] • Compute a concept lattice capturing the structure – ―Clean‖ lattices = nice structure – ―ugly‖ ones = bad structure 11/6/2007 94

  70. An aerodynamics program • 106KLOC Fortran • 20 years old • 317 subroutines • 492 global variables • 46 COMMON blocks 11/6/2007 95

  71. Other concept lattice uses • File and version dependences across C programs (using the preprocessor) • Reorganizing class libraries 11/6/2007 96

  72. Dominator clustering • Girard & Koschke • Based on call graphs • Collapses using a domination relationship • Heuristics for putting variables into clusters 11/6/2007 97

  73. Aero program • Rigid body simulation; 31KLOC of C code; 36 files; 57 user-defined types; 480 global variables; 488 user-defined routines 11/6/2007 98

  74. Other clustering • Schwanke – Clustering with automatic tuning of thresholds – Data and/or control oriented – Evaluated on reasonable sized programs • Basili and Hutchens – Data oriented 11/6/2007 99

  75. Reverse engineering recap • Generally produces a higher-level view that is consistent with source – Like visualization, can produce a ―precise‖ view – Although this might be a precise view of an approximate source model • Sometimes view still contains too much information leading again to the use of techniques like elision – May end up with ―optimistic‖ view 11/6/2007 100

More recommend